
216674 matches found

Github Security Blog
added 2026/03/20 8:48 p.m. · 6 views

Kysely has a MySQL SQL Injection via Insufficient Backslash Escaping in `sql.lit(string)` usage or similar methods that append string literal values into the compiled SQL strings

Summary: Kysely's DefaultQueryCompiler.sanitizeStringLiteral only escapes single quotes by doubling them (' → '') but does not escape backslashes. When used with the MySQL dialect, where NO_BACKSLASH_ESCAPES is OFF by default, an attacker can use a backslash to escape the trailing quote of a string...

CVSS 8.1 · AI score 6.1 · EPSS 0.00419
Exploits 1 · References 3 · Affected Software 1
OSV
added 2026/03/20 8:48 p.m. · 4 views

GHSA-8CPQ-38P9-67GX Kysely has a MySQL SQL Injection via Insufficient Backslash Escaping in `sql.lit(string)` usage or similar methods that append string literal values into the compiled SQL strings

Summary: Kysely's DefaultQueryCompiler.sanitizeStringLiteral only escapes single quotes by doubling them (' → '') but does not escape backslashes. When used with the MySQL dialect, where NO_BACKSLASH_ESCAPES is OFF by default, an attacker can use a backslash to escape the trailing quote of a string...

CVSS 8.1 · AI score 6.1 · EPSS 0.00419
Exploits 1 · References 3
Snyk
added 2026/03/20 8:48 p.m. · 2 views

SQL Injection

Overview: kysely is a type-safe SQL query builder. Affected versions of this package are vulnerable to SQL Injection via the sanitizeStringLiteral function. An attacker can execute arbitrary SQL commands by supplying specially crafted input containing backslashes and single quotes, which are not...

CVSS 9.2 · AI score 6.2 · EPSS 0.00442
Exploits 1 · References 2
Patchstack
added 2026/03/20 8:48 p.m. · 5 views

WordPress PublishPress Revisions plugin <= 3.7.23 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin PublishPress Revisions versions <= 3.7.23...

CVSS 9.3 · AI score 5.9 · EPSS 0.00248
Exploits 0 · Affected Software 1
Snyk
added 2026/03/20 8:47 p.m. · 3 views

SQL Injection

Overview: wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to SQL Injection via the onpublish function. An attacker can extract sensitive database contents, including user password hashes, email addresses, API keys, and...

CVSS 10 · AI score 6 · EPSS 0.00468
Exploits 1 · References 2
CVE
added 2026/03/20 8:05 p.m. · 8 views

CVE-2026-33142

CVE-2026-33142 affects OneUptime prior to version 10.0.34. The issue arises because the functions toSortStatement, toSelectStatement, and toGroupByStatement in StatementGenerator interpolate user-supplied keys as ClickHouse Identifier parameters without validating that they match actual model col...

CVSS 8.1 · AI score 5.9 · EPSS 0.00301
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2026/03/20 8:02 p.m. · 25 views

CVE-2026-4504 eosphoros-ai db-gpt Incomplete Fix editor sql injection

A flaw has been found in eosphoros-ai db-gpt up to 0.7.5. This vulnerability affects unknown code of the file /api/v1/editor/ of the component Incomplete Fix. This manipulation causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. Th...

CVSS 7.5 · EPSS 0.00254
Exploits 0 · References 4
Vulnrichment
added 2026/03/20 8:02 p.m. · 5 views

CVE-2026-4504 eosphoros-ai db-gpt Incomplete Fix editor sql injection

A flaw has been found in eosphoros-ai db-gpt up to 0.7.5. This vulnerability affects unknown code of the file /api/v1/editor/ of the component Incomplete Fix. This manipulation causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. Th...

CVSS 7.5 · AI score 6.7 · EPSS 0.00254
Exploits 0 · References 4
CVE
added 2026/03/20 8:02 p.m. · 9 views

CVE-2026-4504

A vulnerability (CVE-2026-4504) affects eosphoros-ai db-gpt up to version 0.7.5. The flaw involves unknown code in the /api/v1/editor/ path of the Incomplete Fix component, enabling SQL injection through manipulation. It can be exploited remotely and an exploit has been published. The vendor was ...

CVSS 7.5 · AI score 6.7 · EPSS 0.00254
Exploits 0 · References 4
ATTACKERKB
added 2026/03/20 8:02 p.m. · 2 views

CVE-2026-4504

A flaw has been found in eosphoros-ai db-gpt up to 0.7.5. This vulnerability affects unknown code of the file /api/v1/editor/ of the component Incomplete Fix. This manipulation causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. Th...

CVSS 7.5 · AI score 6.7 · EPSS 0.00254
Exploits 0 · References 4 · Affected Software 1
Patchstack
added 2026/03/20 5:46 p.m. · 5 views

WordPress Lumise Product Designer plugin < 2.0.9 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Jarno Vos (jrn5151) in WordPress Plugin Lumise Product Designer versions < 2.0.9...

CVSS 9.3 · AI score 5.9 · EPSS 0.00283
Exploits 0 · Affected Software 1
Patchstack
added 2026/03/20 5:36 p.m. · 4 views

WordPress ChatBot plugin <= 7.7.9 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin ChatBot versions <= 7.7.9...

CVSS 9.3 · AI score 5.9 · EPSS 0.00283
Exploits 0 · Affected Software 1
NVD
added 2026/03/20 5:16 p.m. · 5 views

CVE-2025-62846

An SQL injection vulnerability has been reported to affect QHora. If a local attacker gains an administrator account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: QuRouter 2.6.2.007 and later...

CVSS 9.3 · EPSS 0.002
Exploits 0 · References 1
Vulnrichment
added 2026/03/20 4:21 p.m. · 1 view

CVE-2025-62846 QuRouter

An SQL injection vulnerability has been reported to affect QHora. If a local attacker gains an administrator account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: QuRouter 2.6.2.007 and later...

CVSS 9.3 · AI score 6 · EPSS 0.002
Exploits 0 · References 1
CVE
added 2026/03/20 4:21 p.m. · 14 views

CVE-2025-62846

Summary: CVE-2025-62846 is a SQL injection vulnerability affecting QHora/QuRouter. An attacker with local administrator privileges can exploit the flaw to execute unauthorized commands, with a CVSSv4 base score of 9.3 (CRITICAL), using a local attack vector, no user interaction required, and high...

CVSS 9.3 · AI score 6 · EPSS 0.002
Exploits 0 · References 1 · Affected Software 1
ATTACKERKB
added 2026/03/20 4:21 p.m. · 2 views

CVE-2025-62846

An SQL injection vulnerability has been reported to affect QHora. If a local attacker gains an administrator account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: QuRouter 2.6.2.007 and later...

CVSS 9.3 · AI score 6 · EPSS 0.002
Exploits 0 · References 2 · Affected Software 1
EUVD
added 2026/03/20 3:31 p.m. · 3 views

EUVD-2026-13700

A vulnerability has been found in itsourcecode College Management System 1.0. The impacted element is an unknown function of the file /admin/searchstudent.php. The manipulation of the argument Search leads to sql injection. The attack can be carried out remotely. The exploit has been...

CVSS 6.5 · AI score 5.7 · EPSS 0.00246
Exploits 0 · References 6
Patchstack
added 2026/03/20 3:17 p.m. · 6 views

WordPress JS Help Desk plugin <= 3.0.3 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Bonds in WordPress Plugin JS Help Desk versions <= 3.0.3...

CVSS 8.5 · AI score 5.9 · EPSS 0.00217
Exploits 0 · Affected Software 1
Vulnrichment
added 2026/03/20 1:32 p.m. · 2 views

CVE-2026-4485 itsourcecode College Management System search_student.php sql injection

A vulnerability has been found in itsourcecode College Management System 1.0. The impacted element is an unknown function of the file /admin/searchstudent.php. The manipulation of the argument Search leads to sql injection. The attack can be carried out remotely. The exploit has been...

CVSS 6.5 · AI score 6.5 · EPSS 0.00246
Exploits 0 · References 5
Cvelist
added 2026/03/20 1:32 p.m. · 23 views

CVE-2026-4485 itsourcecode College Management System search_student.php sql injection

A vulnerability has been found in itsourcecode College Management System 1.0. The impacted element is an unknown function of the file /admin/searchstudent.php. The manipulation of the argument Search leads to sql injection. The attack can be carried out remotely. The exploit has been...

CVSS 6.5 · EPSS 0.00246
Exploits 0 · References 5